Vulnerabilities | |||||
---|---|---|---|---|---|
Version | Suggest | Low | Medium | High | Critical |
1.6.1 | 0 | 0 | 0 | 0 | 0 |
1.6.0 | 0 | 0 | 0 | 0 | 0 |
1.5.7 | 0 | 0 | 0 | 0 | 0 |
1.5.6 | 0 | 0 | 0 | 0 | 0 |
1.5.5 | 0 | 0 | 0 | 0 | 0 |
1.5.4 | 0 | 0 | 0 | 0 | 0 |
1.5.3 | 0 | 0 | 0 | 0 | 0 |
1.5.2 | 0 | 0 | 0 | 0 | 0 |
1.5.1 | 0 | 0 | 0 | 0 | 0 |
1.5.0 | 0 | 0 | 0 | 0 | 0 |
1.4.2 | 0 | 0 | 0 | 0 | 0 |
1.4.1 | 0 | 0 | 0 | 0 | 0 |
1.4.0 | 0 | 0 | 0 | 0 | 0 |
1.3.0 | 0 | 0 | 0 | 0 | 0 |
1.2.3 | 0 | 0 | 0 | 0 | 0 |
1.2.2 | 0 | 0 | 0 | 0 | 0 |
1.2.1 | 0 | 0 | 0 | 0 | 0 |
1.2.0 | 0 | 0 | 0 | 0 | 0 |
1.1.3 | 0 | 0 | 0 | 0 | 0 |
1.1.2 | 0 | 0 | 0 | 0 | 0 |
1.1.1 | 0 | 0 | 0 | 0 | 0 |
1.1.0 | 0 | 0 | 0 | 0 | 0 |
1.0.0 | 0 | 0 | 0 | 0 | 0 |
0.7.7 | 0 | 0 | 0 | 0 | 0 |
0.7.6 | 0 | 0 | 0 | 0 | 0 |
0.7.5 | 0 | 0 | 0 | 0 | 0 |
0.7.4 | 0 | 0 | 0 | 0 | 0 |
0.7.3 | 0 | 0 | 0 | 0 | 0 |
0.7.2 | 0 | 0 | 0 | 0 | 0 |
0.7.1 | 0 | 0 | 0 | 0 | 0 |
0.7.0 | 0 | 0 | 0 | 0 | 0 |
0.6.11 | 0 | 0 | 0 | 0 | 0 |
0.6.10 | 0 | 0 | 0 | 0 | 0 |
0.6.9 | 0 | 0 | 0 | 0 | 0 |
0.6.8 | 0 | 0 | 0 | 0 | 0 |
0.6.7 | 0 | 0 | 0 | 0 | 0 |
0.6.6 | 0 | 0 | 0 | 0 | 0 |
0.6.5 | 0 | 0 | 0 | 0 | 0 |
0.6.4 | 0 | 0 | 0 | 0 | 0 |
0.6.3 | 0 | 0 | 0 | 0 | 0 |
0.6.2 | 0 | 0 | 0 | 0 | 0 |
0.6.1 | 0 | 0 | 0 | 0 | 0 |
0.6.0 | 0 | 0 | 0 | 0 | 0 |
0.5.11 | 0 | 0 | 0 | 0 | 0 |
0.5.10 | 0 | 0 | 0 | 0 | 0 |
0.5.9 | 0 | 0 | 0 | 0 | 0 |
0.5.8 | 0 | 0 | 0 | 0 | 0 |
0.5.7 | 0 | 0 | 0 | 0 | 0 |
0.5.6 | 0 | 0 | 0 | 0 | 0 |
0.5.5 | 0 | 0 | 0 | 0 | 0 |
0.5.4 | 0 | 0 | 0 | 0 | 0 |
0.5.3 | 0 | 0 | 0 | 0 | 0 |
0.5.2 | 0 | 0 | 0 | 0 | 0 |
0.5.1 | 0 | 0 | 0 | 0 | 0 |
0.5.0 | 0 | 0 | 0 | 0 | 0 |
0.4.10 | 0 | 0 | 0 | 0 | 0 |
0.4.9 | 0 | 0 | 0 | 0 | 0 |
0.4.8 | 0 | 0 | 0 | 0 | 0 |
0.4.7 | 0 | 0 | 0 | 0 | 0 |
0.4.6 | 0 | 0 | 0 | 0 | 0 |
0.4.5 | 0 | 0 | 0 | 0 | 0 |
0.4.4 | 0 | 0 | 0 | 0 | 0 |
0.4.3 | 0 | 0 | 0 | 0 | 0 |
0.4.2 | 0 | 0 | 0 | 0 | 0 |
0.4.1 | 0 | 0 | 0 | 0 | 0 |
0.4.0 | 0 | 0 | 0 | 0 | 0 |
0.3.9 | 0 | 0 | 0 | 0 | 0 |
0.3.8 | 0 | 0 | 0 | 0 | 0 |
0.3.7 | 0 | 0 | 0 | 0 | 0 |
0.3.6 | 0 | 0 | 0 | 0 | 0 |
0.3.5 | 0 | 0 | 0 | 0 | 0 |
0.3.4 | 0 | 0 | 0 | 0 | 0 |
0.3.3 | 0 | 0 | 0 | 0 | 0 |
0.3.2 | 0 | 0 | 0 | 0 | 0 |
0.2.3 | 0 | 0 | 0 | 0 | 0 |
0.2.2 | 0 | 0 | 0 | 0 | 0 |
0.2.1 | 0 | 0 | 0 | 0 | 0 |
0.2.0 | 0 | 0 | 0 | 0 | 0 |
0.1.1 | 0 | 0 | 0 | 0 | 0 |
0.1.0 | 0 | 0 | 0 | 0 | 0 |
1.6.1 - This version is safe to use because it has no known security vulnerabilities at this time. Find out if your coding project uses this component and get notified of any reported security vulnerabilities with Meterian-X Open Source Security Platform
Maintain your licence declarations and avoid unwanted licences to protect your IP the way you intended.
MIT - MIT LicenseBandit is an HTTP server for Plug and WebSock apps.
Bandit is written entirely in Elixir and is built atop Thousand Island. It can serve HTTP/1.x, HTTP/2 and WebSocket clients over both HTTP and HTTPS. It is written with correctness, clarity & performance as fundamental goals.
In ongoing automated performance tests, Bandit's HTTP/1.x engine is up to 4x faster than Cowboy depending on the number of concurrent requests. When comparing HTTP/2 performance, Bandit is up to 1.5x faster than Cowboy. This is possible because Bandit has been built from the ground up for use with Plug applications; this focus pays dividends in both performance and also in the approachability of the code base.
Bandit also emphasizes correctness. Its HTTP/2 implementation scores 100% on the h2spec suite in strict mode, and its WebSocket implementation scores 100% on the Autobahn test suite, both of which run as part of Bandit's comprehensive CI suite. Extensive unit test, credo, dialyzer, and performance regression test coverage round out a test suite that ensures that Bandit is and will remain a platform you can count on.
Lastly, Bandit exists to demystify the lower layers of infrastructure code. In a world where The New Thing is nearly always adding abstraction on top of abstraction, it's important to have foundational work that is approachable & understandable by users above it in the stack.
Any Phoenix or Plug app should work with Bandit as a drop-in replacement for Cowboy; exceptions to this are errors (if you find one, please file an issue!).
Bandit fully supports Phoenix. Phoenix applications which use WebSockets for features such as Channels or LiveView require Phoenix 1.7 or later.
Using Bandit to host your Phoenix application couldn't be simpler:
Add Bandit as a dependency in your Phoenix application's mix.exs
:
{:bandit, "~> 1.0"}
Add the following adapter:
line to your endpoint configuration in config/config.exs
, as in the following example:
# config/config.exs
config :your_app, YourAppWeb.Endpoint,
adapter: Bandit.PhoenixAdapter, # <---- ADD THIS LINE
url: [host: "localhost"],
render_errors: ...
That's it! You should now see messages at startup indicating that Phoenix is using Bandit to serve your endpoint, and everything should 'just work'. Note that if you have set any exotic configuration options within your endpoint, you may need to update that configuration to work with Bandit; see the Bandit.PhoenixAdapter documentation for more information.
Using Bandit to host your own Plug is very straightforward. Assuming you have
a Plug module implemented already, you can host it within Bandit by adding
something similar to the following to your application's Application.start/2
function:
# lib/my_app/application.ex
defmodule MyApp.Application do
use Application
def start(_type, _args) do
children = [
{Bandit, plug: MyApp.MyPlug}
]
opts = [strategy: :one_for_one, name: MyApp.Supervisor]
Supervisor.start_link(children, opts)
end
end
For less formal usage, you can also start Bandit using the same configuration
options via the Bandit.start_link/1
function:
# Start an http server on the default port 4000, serving MyApp.MyPlug
Bandit.start_link(plug: MyPlug)
A number of options are defined when starting a server. The complete list is
defined by the t:Bandit.options/0
type.
By far the most common stumbling block encountered when setting up an HTTPS server involves configuring key and certificate data. Bandit is comparatively easy to set up in this regard, with a working example looking similar to the following:
# lib/my_app/application.ex
defmodule MyApp.Application do
use Application
def start(_type, _args) do
children = [
{Bandit,
plug: MyApp.MyPlug,
scheme: :https,
certfile: "/absolute/path/to/cert.pem",
keyfile: "/absolute/path/to/key.pem"}
]
opts = [strategy: :one_for_one, name: MyApp.Supervisor]
Supervisor.start_link(children, opts)
end
end
If you're using Bandit to run a Phoenix application as suggested above, there is nothing more for you to do; WebSocket support will 'just work'.
If you wish to interact with WebSockets at a more fundamental level, the WebSock and WebSockAdapter libraries provides a generic abstraction for WebSockets (very similar to how Plug is a generic abstraction on top of HTTP). Bandit fully supports all aspects of these libraries.
Bandit primarily consists of three protocol-specific implementations, one each for HTTP/1, HTTP/2 and WebSockets. Each of these implementations is largely distinct from one another, and is described in its own README linked above.
If you're just taking a casual look at Bandit or trying to understand how an HTTP server works, the HTTP/1 implementation is likely the best place to start exploring.
Contributions to Bandit are very much welcome! Before undertaking any substantial work, please open an issue on the project to discuss ideas and planned approaches so we can ensure we keep progress moving in the same direction.
All contributors must agree and adhere to the project's Code of Conduct.
Security disclosures should be handled per Bandit's published security policy.
Bandit is available in Hex. The package can be installed
by adding bandit
to your list of dependencies in mix.exs
:
def deps do
[
{:bandit, "~> 1.0"}
]
end
Documentation can be found at https://hexdocs.pm/bandit.
MIT